This release deserved the 4.x.x major version increase because of a new major feature:

Added support to crack passwords and salts up to length 256

Internally, this change took a lot of effort - many months of work. The first step was to add an OpenSSL-style low-level hash interface with the typical HashInit(), HashUpdate() and HashFinal() functions. After that, every OpenCL kernel had to be rewritten from scratch using those functions. Adding the OpenSSL-style low-level hash functions also had the advantage that you can now add new kernels more easily to hashcat - but the disadvantage is that such kernels are slower than hand-optimized kernels.

The OpenCL kernels from 3.6.0 were all hand-optimized for performance. No worries - these kernels still exist, and can be explicitly requested with the new -O (optimized kernel) option. This configures hashcat to use the optimized OpenCL kernels, but at the cost of limited password length support (typically 32).

Another important missing feature in the previous hashcat version was the self-test on startup. Some (mostly older) OpenCL runtimes were somewhat buggy (thanks to NV and AMD) in ways that created non-working kernels. The problem was that the user didn't get any error message that clarified the reason for the problems. With this version, hashcat tries to crack a known hash on startup with a known password. Failing to crack a simple known hash is a bulletproof way to test whether your system is set up correctly.

Added hash-mode 2501 = WPA/WPA2 PMK

This mode was added to run precomputed PMK lists against a hccapx, like cowpatty did (genpmk). You still have to precompute the PMK. Please use wlangenpmk/wlangenpmkocl from hcxtools to do so.

Improved macOS support

The evil "abort trap 6" error is now handled in a different way. There is no more need to maintain many different OpenCL devices in the hashcat.hctune database.